General

This data protection policy explains how the law firm Advokatfirman EdmarLaw AB, company registration number 556791-2547, (“EdmarLaw”, “we” or “us”) handles personal data.

EdmarLaw is the data controller for the personal data processing carried out in accordance with this data protection policy. EdmarLaw will only collect and process personal data in accordance with the General Data Protection Regulation (in short GDPR, EU 2016/679). EdmarLaw also abides by the Swedish Bar Association’s current guidance for the processing of personal data at law firms.

Collection of Personal Data

EdmarLaw processes the following personal data that you choose to provide to us:

(a) Personal data relating to clients, either natural persons who themselves are clients, or their representatives, contact persons and employees of a company or an organization that are clients: name, email address, address, telephone number, social security number , copies of identity documents, employers, and other data necessary for the execution of our assignment.

(b) Personal data relating to counterparties: name, contact information, social security numbers, and other personal data necessary for the execution of our assignment.

(c) Personal data relating to other business contacts than (a) or (b): name, contact details and other personal information as required or provided for the execution of the contract or the service.

(d) Personal data relating to candidates seeking jobs at EdmarLaw: name, contact information, work experience, education history, grades, interests, and any other information which the applicant chooses to submit in its application.

(e) If a natural person contact EdmarLaw by email or phone, EdmarLaw collects names, phone number and email address, depending on the contact form, as well as other personal data required to assist the person contacting EdmarLaw.

EdmarLaw may collect personal data from third parties, such as business partners, government agencies, courts and public records for the execution of our assignment. EdmarLaws work is covered by attorney-client privilege confidentiality obligations. We will therefore only be able to inform you about the information we get from third parties if it is within the scope of the services to you or if the information is not covered by confidentiality obligations.

How we processes personal data

EdmarLaw processes personal data for the following purposes and based on the following legal grounds.

Purpose of the processingLegal grounds for processingCategories of personal dataStorage time
To carry out and administer the mission as well as protect EdmarLaws clients’ interests.In order to fulfill contractual obligations.Name, email address, address, telephone number, social security number, copies of identity documents, employer as well as other data necessary for the execution of our assignment.For 10 years from a specific contract completion, or such longer time as the Mission’s nature necessitates.
To perform mandatory conflict of interest checks and money laundering controls.EdmarLaws legitimate interest or, where appropriate, to comply with applicable law.Name, e-mail address, registration number, address, telephone number.In 10 years from a specific contract completion, or such longer time as the Mission’s nature necessitates.
To manage the relationship with suppliers and other parties than clients and counterparties.In order to fulfill contractual commitments, EdmarLaws.Name, e-mail address, registration number, address, telephone number.During the term of this agreement and for one year thereafter, unless a longer time is required to make legal claims.
To manage job applications.Other legitimate interests during initial storage period. Then further treatment be based on consent.Name, email address, address, telephone number and any other information which the applicant chooses to submit in their application.For published vacancies:

Until the position is filled, then with any consent.

For unsolicited applications:

Consent for continued storage is appropriate.

For accounting and billing purposes.In order to carry out EdmarLaws contractual commitments and to comply with applicable law.Name, email address, address, registration number, telephone number.Until the debt is paid, and then for up to seven years in accordance with Swedish accounting rules.
To invite clients to events or to provide other relevant information.Other legitimate interests.Email address.As long as the EdmarLaw sends out such information, unless the recipient declines.
To manage and assist those who contact us.Other legitimate interests.Name, email address, phone number.As long as it is required to assist in the contacting us.
For statistical purposes related to how visitors use the EdmarLaws website.Other legitimate interests.The categories listed under the heading Cookies.6 months.
In order to comply with applicable law, such as the Bookkeeping Act.In order to comply with applicable law.Name, email address, address, registration number, telephone number.In accordance with the law (according to Swedish accounting rules for seven years).

Transfers of personal data

To carry out our assignment, EdmarLaw may disclose personal data to third parties, such as courts, arbitral institutes, government agencies, other law firms, accountants, consultants and counterparties. EdmarLaw will only disclose personal data to the extent necessary to protect the interest of EdmarLaws clients and/or in order to carry out our assignment. In the event of such a transfer EdmarLaw is responsible for the continued processing, while receiving third party either becomes responsible for its further processing or the processing of the data processor to EdmarLaw, based on the circumstances in the specific case.

EdmarLaw may transfer to or share personal information with other parties who process data on behalf of EdmarLaw, in order for EdmarLaw to be able to provide its service. EdmarLaw uses the following subcontractors:

Subcontractor (name service)Country/region where the service performedMechanism for transfer to a third countryType of service
Dropbox, Inc.EU/EEA/United StatesCertification according to EU-U.S Privacy Shield FrameworkCloud computing, storage and backup
Google, Inc. (Google Analytics)EU/EEA/ United StatesCertification according to EU-U.S Privacy Shield FrameworkStatistics related to our Web site
K10 Redovisning i Kalmar ABEUBookkeeping and accounting
Microsoft (Office 365)EU/EEA/ United StatesCertification according to EU-U.S Privacy Shield FrameworkCloud computing, storage and backup
Netintegrate Sweden ABEUIt Support
P & K TimeApp AB (TimeApp)EUTime tracking and invoicing

 

EdmarLaw only work with companies that process personal data within the EU/EEA or with companies that are considered to maintain the same level of protection as within the EU/EEA, for example, having joined the so-called Privacy Shield agreement between the European Union and the United States.

EdmarLaw provides personal data to government agencies such as police, tax authorities or other authorities about EdmarLaw is required to do so by law. An example of such disclosure is to combat money laundering and financing terrorism.

Rights for registered

The right to a register excerpt. You have the right to request a transcript of your personal data that we store and process. Your request must be submitted in writing to us using the contact information below, including your signature.

The right to rectification. EdmarLaw want you to correct inaccurate or incomplete information about you, and kindly ask you to contact us in this case.

Data portability. When it comes to personal data you have provided to us, you have the right to request a transfer to another provider. Contact us for help with this.

The right to be forgotten. You have the right to object to our processing of your personal data. The consequence of this may be that we are no longer able to carry out the assignment. Contact us and we’ll see to what extent this is possible.

Marketing communications. You may at any time decline marketing communications from EdmarLaw. Let us know in that case.

Security

Security is important to EdmarLaw, which takes appropriate technical and organizational security measures to ensure that personal data is not misused, lost or accessed by unauthorized persons in connection with the processing of personal data by EdmarLaw according to this data protection policy. Among other things, this means that we apply encryption to all devices, apply multifactor authentication at any log-in, conduct regular back-ups, apply virus protection, regular deletion of unnecessary personal data, as well as internal access restriction based on roles and permissions.

Cookies

EdmarLaw uses Google Analytics statistics tool (cookies _ga and _gat) to see visitor statistics and to improve the site according to how our visitors are using it. A cookie is a small text file containing information that is saved on your computer. If you do not accept cookies, you can adjust your web browser settings to not accept cookies (disabling) or to inform you when a cookie is being used.

When you visit the EdmarLaws website, the following data is collected through cookies: traffic data, IP address, type of device, operating system, the browser type the visitor is using and how visitors use our site.

Changes to this data protection policy

EdmarLaw reserves the right to make changes to this data protection policy.

All changes to this policy will be published on our website. Please visit our website regularly to keep you informed of any changes.

Contact

For more information on EdmarLaws data protection management, or if you have any questions, please feel free to contact EdmarLaw at:

Advokatfirman EdmarLaw AB, Tegnérgatan 23 6 tr, 111 40 Stockholm or info@edmarlaw.se.

If you are dissatisfied with how we treat your personal information, you should contact EdmarLaw and let us know. You can also turn to the Data Inspection Board, + 46 8 657 61 00, datainspektionen@datainspektionen.se, Box 8114, 104 20 Stockholm.